We have a CCR1072 running 6.40.5 on the edge of our network.
This router typically has 2.5-3Gbps of traffic running through it.
Many fw rules and does NAT for customers on private addressing.
about 1-2 times per month it randomly jumps into a mode where the CPU goes from the normal 7-8% up to 60% range and many services stop working correctly and things get strange.
For example L2TP-IPsec VPN wont work but PPTP VPN works just fine.
Once we reboot the router, its fine again for a while.
Anyone know of any bugs that would be causing such behavior?
It could be but I dont see the traffic going up much.
I have a bunch of rules to detect if the traffic goes up to an unusual level and captures stuff into files assuming its a DDOS attach.
It could be a low volume attach designed to drive a Mikrotik crazy, I suppose.
I had a issue where disconnecting L2tp tunnels would cause 100% cpu spikes for about 1sec.
What would happen is a areas power would go out and about 200 l2tp’s would disconnect because the cpe devices went offline and this caused a domino affect where the high cpu load would cause the other tunnels to also start dropping.
If you did a reboot from the terminal the device would take about 8min to start rebooting.
Till this day i dont know what causes the cpu spikes on my 1072, i have moved all the tunnels to a dedicated 1036 just running l2tp and the issue is solved.
If you start seeing the high cpu load try adding a raw rule that drops all new tcp syn connections.